Could there be an easier way to alert domain registrars about domains being used for scams?
This morning I woke up to a spam SMS message promoting a scam site (see picture). The scam tries to trick people into disclosing their social security number and driver’s license, along with a host of other personal details, to get unemployment payments.
The domain name was registered about a month ago and the Whois record lists someone in Nigeria.
I like to report scams like this to the registrar so they can take action. That’s when things get complicated. The domain is registered at a registrar that’s part of a big domain name company. I know business people there, but I don’t know their abuse contact(s).
So I Googled the registrar and “abuse” and found a contact form. I filled it out and submitted information about the scam website.
This got me thinking that there has to be a better way. Taking down obvious scam websites quickly is important for the health of our industry. It would be helpful if there were a way to submit abuse complaints at a centralized level rather than registrar-by-registrar. One site to submit complaints that immediately forwards the complaint to the registrar according to Whois.
I imagine that security companies have direct lines into registrars to report abuse and this is probably streamlined. But as an individual reporter, it would be nice to have a system I could submit through and see the result (what action is taken).
Usually the abuse contact mentioned in the WHOIS is the most streamlined process.
What also works fast is to report the issue to the Google Safety Browser team. Most of the time they start blocking the malicious URL or domain on a browser level. Another idea is to use the Netcraft reporting browser plugin. When Netcraft starts blocking a domain, other RBL providers most of the time start to block it also.
The ICANN has been working hard on that for the past 20 years but you know…things take time. Thanks to the multistakeholder model, and thanks to the (whatever) Registrar working group for being SO hard working on this issue. A solution should be found “soon”.
You’ve come to a reasonable conclusion Andrew. Reporting abuse via a centralized tool makes way more sense than trying to do so across an entire industry.
I came to the same place when working out where the DNS Abuse Institute could have the most impact. We’ve committed to building what we call the Centralized Abuse Reporting Tool (CART), and plans are already underway.
You can read a bit more about it in our roadmap; a summary and a link to the full PDF are here: https://dnsabuseinstitute.org/the-dns-abuse-institute-roadmap/
Happy to chat more about it with you or any interested reader.
For the time being, before CART or SSAD comes into place, try using lookup.icann.org and sending to the registrar abuse contact as mentioned by Theo. This ICANN tool makes it very straightforward to go from a domain to an abuse contact.
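Added example, not part of the original post or its comments: lookup.icann.org is backed by RDAP, which returns registration data as JSON with the registrar's abuse contact as a nested entity carrying the role `abuse`. The code below pulls that contact out of a constructed sample response (the domain, registrar name, email and phone are made up; the function names are this example's own).

```python
import json

# Constructed sample in the RDAP domain-response shape (RFC 9083). Not a real record.
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "scam-site.example",
  "entities": [
    {"objectClassName": "entity", "roles": ["registrant"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "REDACTED"]]]},
    {"objectClassName": "entity", "roles": ["registrar"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Example Registrar LLC"]]],
     "entities": [
       {"objectClassName": "entity", "roles": ["abuse"],
        "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                 ["fn", {}, "text", "Abuse Desk"],
                                 ["tel", {"type": "voice"}, "uri", "tel:+1.5555550100"],
                                 ["email", {}, "text", "abuse@registrar.example"]]]}
     ]}
  ]
}
""")


def vcard_values(entity, prop):
    """Return every value of one jCard property (e.g. 'email') on an entity."""
    card = entity.get("vcardArray") or []
    props = card[1] if len(card) > 1 else []
    return [p[3] for p in props if len(p) >= 4 and p[0] == prop]


def abuse_contacts(obj, parent=None):
    """Walk nested entities and collect those carrying the 'abuse' role."""
    found = []
    for ent in obj.get("entities", []):
        name = next(iter(vcard_values(ent, "fn")), None)
        if "abuse" in ent.get("roles", []):
            found.append({
                "via": parent,  # display name of the enclosing entity, usually the registrar
                "emails": vcard_values(ent, "email"),
                "phones": [str(t).removeprefix("tel:") for t in vcard_values(ent, "tel")],
            })
        found.extend(abuse_contacts(ent, parent=name))  # abuse entity is typically nested
    return found


if __name__ == "__main__":
    for contact in abuse_contacts(SAMPLE_RDAP):
        print(contact)
```

An empty result means the response lists no abuse entity, in which case the registrar's own abuse form is the fallback.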
The hosting provider is in a much better position to take action than the registrar.
I used to believe this, but I think it’s also worthwhile to contact the registrar, maybe even as a first step. First, a registrar should know in case there are other domains registered by that person that are used for similar purposes. They can investigate this, maybe shut down multiple domains, and also prevent the person from registering more domains with them in the future. Second, there’s no accreditation for hosting, so there’s no accountability. In this case, the host is in Nigeria and I don’t know what their laws are there. That said, they actually have a dedicated abuse page and I’ve submitted the abuse complaint there.
Maybe a dedicated reporting channel should notify both the registrar and host.
Kudos to PDR, which suspended the domain within about 30 hours.